Re: security warning

Alan Cox (
Tue, 16 Dec 1997 22:41:43 +0000 (GMT)

> No, 2.0.x also followed symlinks for create(), I'm fairly certain. It used
> to be pretty painful to do, actually, but others did it, and I think
> people even pointed to programs that wanted it done.

2.0 does not follow the symlink for the last node of creat, and its
vital it doesnt.

ln -s /tmp/nosuchfile foofile

2.1 creates it

touch /tmp/nosuchfile


2.1 creates it

Test code

#include <stdio.h>
#include <fcntl.h>

int main(int argc,char *argv[])
if(open("foofile", O_EXCL|O_CREAT|O_TRUNC, 0600)==-1)
return 0;